Security experts warn of risky attacks on tech-loaded cars

(Phys.org) -- Now that tiny computers and electronic communications systems are being designed into cars, hackers can look toward the car, like the PC, as potential roadkill. If cars are to become computers on wheels, a number of security experts are expanding their focus on car security systems and sources of security threats. U.S. computer scientists from California and Washington state have already identified ways in which computer worms and Trojans are carried over to automobiles. Conduits include onboard diagnostics systems, wireless connections and even tainted CDs played on radios systems.

Experts point out that the numerous computers known as electronic control units, or ECUs, require tens of millions of lines of computer code to manage interconnected systems. These range from engines, brakes and navigation to lighting, ventilation and entertainment. The same wireless technologies that power cell phones and Bluetooth headsets are in cars and in turn are vulnerable to remote attacks.

Unlike PCs, though, the attackers goal with cars may not be to rob the victim of information but to steal the car, or spy on in-car conversation, or cause the vehicle to crash.

McAfee, a subsidiary of Intel and known for its security work to remedy PC viruses, are conducting research on car security at a Beaverton, Oregon garage. Bruce Snell, a McAfee executive, confirmed that automakers are not blind to risks of cyber attacks and are aware of auto system-hacking repercussions far different from seeing laptop data swiped and wiped. McAfee, a subsidiary of Intel, issued a report on automotive systems security with a title that reveals what it sees as the coming risks: Caution: Malware Ahead.

Researchers of the University of California, San Diego, and the University of Washington have already figured out how to hack into a modern car using a laptop. The same research team extended the scenario to remotely mount attacks via Bluetooth. According to the McAfee paper, another attack scenario was presented by researchers of the University of South Carolina and Rutgers. They demonstrated it was possible to mount an attack on a vehicle and compromise passengers privacy by tracking Radio Frequency Identification (RFID )tags using long-distance readers at around 40 meters; the RFID tags are used in tires for sensor data over wireless short-distance communication to the vehicle.

Reports do not single out vendors because the issues are relevant to the entire industry; automakers use common suppliers and processes. Nonetheless, a Reuters check of vendor initiatives shows concern in responses.

Major U.S. automakers did not say if they knew of any instances in which their vehicles had been attacked with malicious software or if they had recalled cars to fix security vulnerabilities. At the same time, nothing is impossible and they are working to keep their systems as safe as possible.

Ford has its security engineers working on SYNC in-vehicle communications and entertainment system to ensure it is as resistant as possible to attack, according to the Reuters report. Toyota Motor Corp, the world's biggest automaker, said it was not aware of any hacking incidents and that hacking was at least close to impossible. A Toyota source said the vehicles are designed to change their coding constantly. Chrysler is joining industry groups and outside organizations to tackle car security.

As noted in Car and Driver, as more people start to access car networks, the auto industry will beef up relevant security. That may also mean something all too familiar to the PC industry, a relentless skirmish between hackers and automakers.

(PhysOrg.com) -- The idea that someone can get into your car without your permission isn't a new one. It's about as old as the coat hanger, but that was back in the days when you locks had a pull up button. We tend to think ...

(PhysOrg.com) -- A team of researchers led by Professor Stefan Savage from the University of California, San Diego and Tadayoshi Kohno from the University of Washington set out to see what it would take to control an automobile’s ...

(PhysOrg.com) -- Wireless tire pressure monitoring systems designed to alert drivers to problems with low tire pressure can be intercepted or forged, causing possible security or privacy threats, according to research at ...

Researchers at Hong Kong Baptist University (HKBU) have partnered with a team from Tencent Machine Learning to create a new technique for training artificial intelligence (AI) machines faster than ever before while maintaining ...

To evaluate in vivo physiological functions, electrophysiological signals must be monitored with high precision and high spatial or temporal resolution. Ultraflexible, multielectrode arrays (MEAs) were recently fabricated ...

This doesn't apply just to cars. If it is 'smart' enough so that you can program it, upload to it....That somebody, somewhere will pervert the gidget's intended function for their own purposes, even 'just because they can' is supposed to be surprising? It should be seen as a given. (there is no exception to THAT rule) What did they expect? Cheers, DH66

One question that's been dogging me is: who do they expect will do work on these cars? At the rate we're digitizing cars, it won't be long before every car mechanic will have to have a degree in computer programming to diagnose a problem...

If they've managed to get it relatively safe for the Boeing 787, we can do it for cars. Also, I think we need to have more severe punishments for tampering with vehicles. Hacking into a business server now is jail time or a fine. Hacking into vehicles should be attempted murder charges. If you cause the steering, brakes, or navigation to fail and people die, it's obvious it was murder. Even attempting to do so should be attempted murder. That in itself will keep some people from playing with it.

But then how about smart cars without remote control features? They could do image recognition of the road conditions with cameras and on-board computers, without wi-fi, gps, bluetooth and so on.

I often wonder if car companies (and many other companies) are designing features into our products that they "think" we want or "want us" to want but that we don't really care about. Turning a cell phone into an internet-accessable multi-functional bohemoth was a great idea. Turning my car into one? I don't really see a use for that... and I kind of wish I could get the cool features mentioned above without the wifi/cell connectivity/etc. that keeps getting bundled with it